Home > Mac News > Apple Sucks at Security

Apple Sucks at Security

November 14th, 2015

Three and a half years ago, I posted about Apple doing insanely stupid things regarding security, namely:

  1. giving user redundant prompts to enter their account password outside of any identifiable app; and
  2. giving users email links in unsolicited emails where they should enter their account id and password.

Both of these are incredibly and dangerously idiotic, as they are exactly the manner in which malware, hackers, and scammers steal information from you; training people to respond positively to such things is essentially training them to fall prey to the first attack that comes along.

Recently, I have suffered from dealing with more and more similar and harebrained idiocy from Apple. First of all, in Keychain, when I want to see a password, I am asked for my system password; I enter it. But then I get another prompt for my password and my ID, after having just entered my correct password. Why? No explanation given, just enter the ID and password. If I cancel the second request, the password I was trying to uncover is still hidden. If I do enter the information, the computer tells me it was not correct, and the password is still hidden. This is precisely what I expect to see if I am presented with some sort of malware.


The same happens with iCloud. I am asked to enter the password repeatedly, for no apparent reason. I could not remember it, so I checked Keychain—and could not access it. So I reset it. Everything went okay: I clicked “I forgot,” went to Apple’s site, asked for email authentication, did that, reset the password online. So far, so good. Then I went to the System Preferences and signed in to the account. It worked. Okay.

But then I got another prompt to enter the password, apparently not attached to any app. Not thinking, I typed in the password. Then I got another identical prompt, asking for the same password. This is when I lost it—there was no reason for Apple to ask me for my password, not the second time and certainly not the third. It looked exactly like a malware password heist. The thing is, I checked, and apparently it is not malware or a hacker. However, it makes me feel exactly as if I was hacked.


I reset the password again, and this time I ignored the superfluous generic password requests, just canceled them—and there was no apparent ill effect. So why in hell is Apple adding these?? Not to mention, Apple should never have a free-floating request for a password that is not clearly attached to an official app. Such requests must always be the “windowshade” style requests firmly pegged to the window of an app you can trust—otherwise, it’s identical to what a hacker would use, and thus trains users to fall prey to the first attack that comes along.

I swear, Apple’s security gets so easily crapped up that it is completely unworth it. I am going to trash Apple’s security as much as I can and go with a third-party solution.

Categories: Mac News Tags: by
Comments are closed.